From 899e84ca75290bc6d7068cd13a0ced0b593d0e14 Mon Sep 17 00:00:00 2001 From: Colin Date: Mon, 2 Jun 2025 08:43:26 +0000 Subject: [PATCH] flowy: add ssh and wireguard keys --- hosts/common/hosts.nix | 7 ++++--- secrets/flowy/wg-home.priv.bin | 27 +++++++++++++++++++++++++++ 2 files changed, 31 insertions(+), 3 deletions(-) create mode 100644 secrets/flowy/wg-home.priv.bin diff --git a/hosts/common/hosts.nix b/hosts/common/hosts.nix index b1ab15e78..bb891d83d 100644 --- a/hosts/common/hosts.nix +++ b/hosts/common/hosts.nix @@ -19,9 +19,10 @@ }; sane.hosts.by-name."flowy" = { - ssh.authorized = lib.mkDefault false; # TODO: enable after i add ssh keys, below - # wg-home.pubkey = "TODO"; - # wg-home.ip = "10.0.10.56"; + ssh.user_pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAa9U2+aUc5Kr6f2oeILAy2EC86W5OZSprmBb1F+8n7/"; + ssh.host_pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMNuTITzc07mqYspWw6fqRw40ObxwnmWCwg188apHB/o"; + wg-home.pubkey = "o6Vh+gHF87wAOOofgKKYIhV91kgDRnLvwnd5W2WHsDE="; + wg-home.ip = "10.0.10.56"; lan-ip = "10.78.79.56"; }; diff --git a/secrets/flowy/wg-home.priv.bin b/secrets/flowy/wg-home.priv.bin new file mode 100644 index 000000000..99eb09902 --- /dev/null +++ b/secrets/flowy/wg-home.priv.bin @@ -0,0 +1,27 @@ +{ + "data": "ENC[AES256_GCM,data:esZx2a+uA+1uxAHotvA+cVOeVsFKWAKC+4J7givMHgQ/nNn+P6hNqL5OLs75,iv:sQrOD5/2H6MLKg8JYCTs2LTcRSmQ7Hha6jx9rFeduPw=,tag:IxGYnJNs4hu2CPVqil6aZQ==,type:str]", + "sops": { + "age": [ + { + "recipient": "age1j2pqnl8j0krdzk6npe93s4nnqrzwx978qrc0u570gzlamqpnje9sc8le2g", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4REE4Tk10UjF3SnJJZ3Za\nbW84c3plRHFzZ0g1djlNTnNmNEZtelpsYTIwCks2YkNxUDgzL0UvbGU1dlBWd2dC\nYkR6S3VScW1zcjQ3VTEvYldKUGYwdFEKLS0tIGpMbGJVRVVmMDNDd045eGthSTJT\nR240Wm5OT24yUStoVVd2SGJYVmNQNlUK2WwD3SACpDkqh5nHfcz6Gy2Q5BX73dcf\nkDhQX4V70JiRDm7oSq+X+wZvr7Xn1rdLIwMP7rBCF8oQGcd6903kPQ==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1nw3z25gn6l8gxneqw43tp8d2354c83d9sn3r0dqy5tapakdwhyvse0j2cc", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWWVd3ajlQUHFScUR1MlJQ\nT3lMVXJ5UlJpQ2dDVWR5YkhlOHJiUHVFMlJZCjdCaXovVk1uQVdmSFFCRlBxN3RJ\nd0k1Tm1adjlrVDQ0VnJXaFhEZ2lTSU0KLS0tIEtNbmlIVTVPeWFvajR3Y3lkMkNX\nS3U1a2lIS2FlODJ0NnEycXV2Tzgrd3MKeviPxl+74QG5ulqHNWOb+CqbSrf7OF+B\ndKUrz55GGj8sx48in6jabMu7TrC3HeLGVgCAs2XEN+jWvCmSohBd3w==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1tnl4jfgacwkargzeqnhzernw29xx8mkv73xh6ufdyde6q7859slsnzf24x", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUcTRTUTdoWk5TSjRsS1Fp\nbEowQkxscTBUWnB4enZhUE1aUHU5Ync2LzM4CnJUZHZhSlQrMENJRzM1MnpUbWJs\nc0FmSm9HS0s3a3dNMlJHZzUzODJvancKLS0tIE1JWC9ZNWQwMGRTYVZTejNPRGVi\ndU1DZG5wMlA0ZjFad2FhL2VIVHdHc0UK8CBlRdEHACVktqXLgwmbPgy3yh3hayl+\ndn/tdcZRuQkspZhNX1sJjUn+O7Lk8Yp+12rJfWyps0n4SXRfKBHPdA==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1w7mectcjku6x3sd8plm8wkn2qfrhv9n6zhzlf329e2r2uycgke8qkf9dyn", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3TGNqRHE2UzJOTHU3WTd0\nR0UrZmszblFlUzUzRFQ3c1hxSWkrZHpCRldZCnQ0WWcxbFkvSkJKVkN6Y2VSRlhn\nLzlTRkNmNVhHK3UrdFhMdU9lTWIzMEkKLS0tIEp3TGgzUkpUdlFqaGNjTlFySWtH\nOHpUb2VYcHpyMVc2OVBvckVoaGJ0aGsKBbqSfAuHExSGT3cjY092CnKv+YGgcZNQ\nnJIFcYsUIEvIPQaqtBNd7E/XlrSkpiKYffRj5Mal7yzMCxnkuuqkyg==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2025-06-02T08:40:29Z", + "mac": "ENC[AES256_GCM,data:00pyNrL8YL7tXXEGNUb7LfDawJ5Ut9xjq3EYx0PzGougMwRwFwyTc3lVGXM3pK9MPb32iOCKhOw02Gxg6wrsv6GfJBK2bVnDIC650XbJPtQYTBqdgswSOjf3/vGdmEf0Wkq41QKXSRjkf/TWSNoQZB+fzW33sXCx7OxtAlrHbbU=,iv:74ESeZFZ78EHVLcWOuLskaw71ChcWvb6MuUr0g2igAI=,tag:3cL2L6Fu6/rSuaqo5qfoqg==,type:str]", + "unencrypted_suffix": "_unencrypted", + "version": "3.10.2" + } +}